[gobolinux-devel] Nvidia Binary Driver Considered Rootable
MJ Ray
mjr at phonecoop.coop
Tue Oct 17 08:18:10 UTC 2006
http://www.rapid7.com/advisories/R7-0025.jsp says
" The NVIDIA Binary Graphics Driver for Linux is vulnerable to a
buffer overflow that allows an attacker to run arbitrary code as
root. This bug can be exploited both locally or remotely (via
a remote X client or an X client which visits a malicious web page).
A working proof-of-concept root exploit is included with this
advisory.
" There have been multiple public reports of this NVIDIA bug on the
NVNews forum [1,2] and elsewhere, dating back to 2004 [3]. NVIDIA's
first public acknowledgement of this bug was on July 7th, 2006. [...]
" As of the publication date, the latest NVIDIA binary driver is still
vulnerable. [...]"
Time to drop the nvidia package from the mirrors? (and nearly 2 years
for an ack of a remote root bug?!? Would you trust this in your OS?)
Seen in http://www.hermann-uwe.de/blog/nvidia-binary-graphics-driver-root-exploit
--
MJ Ray - see/vidu http://mjr.towers.org.uk/email.html
Somerset, England. Work/Laborejo: http://www.ttllp.co.uk/
IRC/Jabber/SIP: on request/peteble
More information about the gobolinux-devel
mailing list